💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › HNS › issue051.… captured on 2022-01-08 at 15:57:42.

View Raw

More Information

⬅️ Previous capture (2021-12-03)

-=-=-=-=-=-=-

HNS Newsletter
Issue 51 - 20.02.2001
http://net-security.org
 
This is a newsletter delivered to you by Help Net Security. It covers weekly 
roundups of security events that were in the news the past week. Visit Help 
Net Security for the latest security news - http://www.net-security.org.

Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter

Archive of the newsletter in TXT and PDF format is available here:
http://www.net-security.org/news/archive/newsletter

Current subscriber count to this digest: 1925

Table of contents:
 
1) General security news
2) Security issues
3) Security world
4) Featured books
5) Security software
6) Defaced archives



General security news
---------------------
 
----------------------------------------------------------------------------

HACKERS SAY ATTACK WAS EASY
Uncovering confidential data, such as passwords and credit card numbers, on 
business and government leaders who attended an annual meeting in the Swiss 
Alps was easy, computer hackers were quoted as saying Sunday. The Zurich 
weekly SonntagsZeitung, which last Sunday disclosed the capture of data on 
27,000 leaders, listed on the Internet the type of information that was 
compromised for each leader. Former President Bill Clinton's forum password 
and actor Dustin Hoffman's e-mail address were included. The newspaper 
lists the names and titles, but withholds the confidential numbers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.nandotimes.com/technology/story/0,1643,500308974-500496290-503480397-0,00.html


NEW LOVELETTER VARIANTS APPEAR
Two new Loveletter virus variants have appeared over the weekend, but 
antivirus companies appear to be divided on what level of importance to 
attach to their arrival. While F-Secure issued a high-level alert to subscribers 
of its Radar IT security alerting service early this morning, Kaspersky Lab said 
that the rash of warnings about Loveletter virus variants "are simply a form 
of virus hysteria."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/161815.html


DAVOS HACK: "GOOD" SABOTAGE
A group called Virtual Monkeywrench has taken credit for the hack and said it 
is an example of "good sabotage" that was intended to block "the operation of 
this well-oiled machine." "The people from Monkeywrench said that the data 
was not protected, that it was open and accessible. They say that the 
information was just lying there, almost offering itself up to them," said 
"Fillip," a computer systems specialist from Switzerland who said that he 
has communicated with the crackers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,41760,00.html


ANNA VIRUS LOSES ITS SIZZLE
Variants of a virus capitalizing on the popularity of Anna Kournikova failed to 
add momentum to the worm's spread Monday. "I think it is under control at 
this point," said Vincent Gullotto, director of security software maker Network 
Associates' antivirus emergency response team. "It had the potential to 
become Love Letter-ish, but because we and others had protection, it 
failed to spread too quickly."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2684871,00.html


FIREWALLS - IT'S TIME TO EVOLVE OR DIE
"Much may be said for the utility of network protection with firewalls, but too 
often we forget about the vulnerable, pink, hairless underbelly of the firewall. 
In this series of articles I will expose the weaknesses that are often ignored. 
A disclaimer, however: Even though there are many problems with firewalls 
and they are far from perfect, you are better off leaving them in. Firewalls 
are better than nothing most of the time. They provide the only major line 
of defense for many networks (more on this particular issue later), so please 
do not remove your firewall unless you have given this some serious thought."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/firewalls20010212.html


E-SIGNATURES WITH USB CRYPTO-TOKENS
The recently enacted Electronic Signatures in Global and National Commerce 
Act grants electronic signatures and contracts the same legal weight as 
handwritten signatures on printed documents. While the new law will almost 
certainly accelerate the use of digital signatures for all sorts of e-commerce 
transactions, the law does not specify a single de facto standard technology 
used to generate digital signatures. One option is the use of a Universal Serial 
Bus (USB) cryptographic token to generate digital signatures. USB cryptographic 
tokens offer an easy and secure way to generate, store and deploy digital 
identities for a host of e-commerce applications and transactions. These 
tokens also have the unique ability to plug the security gap found in many 
digital signature schemes.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_421607_1794_9-10000.html


TRACKING DESPERADOES, DOCUMENTS, COMPUTER FILES...
Investigating computer crime can mean wading through vast amounts of 
dissimilar evidence. Websites, paper documents, public records, computer 
files, personnel records, and online databases all top the list. Understanding 
where you are in an investigation may be akin to sorting out your position in 
a South Pacific archipelago; a navigational chart becomes invaluable. The 
elements in any investigation are people, places, things, documents, and, 
nowadays, electronic records, whether local or in cyberspace. Yet, the key 
operation is not just collecting them but understanding how they relate to 
each other. So, linking analysis becomes a vital tool in the investigative 
process.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/desperadoes20010213.html


THE ANNA VIRUS THE WORK OF "SCRIPT KIDDIES"?
Eric Chien, chief researcher at Symantec, explained that the virus was actually 
created with a virus writing kit, known as Vbs Worms Generator 1.50b, which 
is readily available on the internet.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1117639


WINDOWS XP CAN SECURE MUSIC
A new digital media security solution developed by Microsoft provides protection 
for content owners while excluding other digital rights management systems. 
The Secure Audio Path (SAP) adds "static" interference to media files that 
require video and audio cards to authenticate themselves with Windows 
software before they can be played. The company would be able to verify 
that a media player isn't playing an "unsecured" file, which according to 
Microsoft would eliminate much of the threat of piracy.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/technology/0,1282,41614,00.html


INTRUSION DETECTION SYSTEMS, PART IV: LOGCHECK
The last in this four part series on IDS, looks at Logcheck: a software package 
that is designed to automatically run and check system log files for security 
violations and unusual activity.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.freeos.com/articles/3540


RESTRICTANONYMOUS: ENUMERATION AND THE NULL USER
If you are an NT administrator, or if you provide security policies and audits for 
clients, then you know all about the RestrictAnonymous value in the LSA key. 
If not, you need to educate yourself about this setting- not so much because 
of what it does, but more importantly, what it doesn't do. This article by 
SecurityFocus.com writer Timothy M. Mullen will offer an overview of 
RestrictAnonymous, the need for a RestrictAnonymous setting, some 
inherent weaknesses in RestrictAnonymous and some developments 
that aim to negate these weaknesses.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/microsoft/nt/restrict.html


ANDES ASICS BYPASS TCP LAYER TO SECURE TRANSACTIONS
Andes Networks Inc. has devised a way to dramatically accelerate Secure 
Socket Layer transactions by bypassing the Layer 4 TCP session. The 
company is aiming for nothing less than a radical revision of how secure 
HTTP transactions are conducted.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.electronicstimes.com/story/OEG20010212S0109


INTERNET GATEWAY CONFIGURATION AND MORE
This article gives an overview of ways to use your DSL machine as gateway for 
your home or office network, and goes through the basic steps to setup and 
maintain security to machines connected directly to the Internet.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.bsdtoday.com/2001/February/Features409.html


ANNA WORM WRITER TELLS ALL
A man from the Netherlands has admitted to writing and distributing the virulent 
but short-lived "AnnaKournikova" e-mail worm. He also says he regrets it and 
vows never to write another one again. He has put up a website where he 
admits to authoring the worm, and also tells why he did it. The worm's writer, 
who goes by the name "OnTheFly," writes on the site that he didn't create 
the worm just "for fun." Instead, he says he did it to prove that people had 
not learned anything from previous e-mail worms.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/technology/0,1282,41782,00.html


SECURE REMOTE LOG SERVERS USING SCP
Currently there are not many elegant ways to implement a secure, centralized 
systemlog server. Centralizing system log files can have several important 
advantages: efficient management of log files, maximized disk space usage, 
easier access for auditing purposes and more secure retention. This article 
by Kristy Westphal will discuss a solution that is secure, affordable and easy 
to run, especially on a Solaris system.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/sun/articles/securelog.html


RECOGNIZING VIABLE PHYSICAL ATTACKS
When you talk to most IT managers about security, they will assure that they 
have the latest firewall technology, 128 SSL encryption on their Websites, and 
strong access controls. When you ask them about availability and redundancy, 
they will talk about offsite backups, load-balancing their Web servers, and, if 
they are really gung-ho, about the fact that they have a second data center 
in San Jose. In most cases this is quite sufficient. However, there is a major 
area that as of yet has gone unexplored by most non-governmental 
organizations. This is the world of electromagnetic radiation, with exotic 
technologies such as HERF, EMP and Tempest.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20010213.html


INTEL DEFACED
A group known as the Sm0ked Crew managed to deface an Intel sub-domain
at talisman1.cps.intel.com leaving a short message. Intel pointed out that
the attackers failed to upload any HTML. The site is running Microsoft IIS4
on Windows NT4 - a combination that has been subjected to a raft of
exploits in recent weeks. Experts expressed surprise at the processor
giant's apparent lack of web security.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.vnunet.com/News/1117695
Mirror: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.attrition.org/mirror/attrition/2001/02/13/talisman1.cps.intel.com/


KOURNIKOVA CORNUCOPIA
Vmyths.com's Rob Rosenberger did a great rant on the whole situation regarding
the Anna Kournikova worm.
Link: http://www.vmyths.com/rant.cfm?id=302&page=4


ONTHEFLY IDENTIFIED
Dutch privacy laws prevent local authorities from releasing the identity of the
author of the "Onthefly" email worm, but an investigation by InternetNews
Radio reveals all roads lead to the Anna Kournikova fan Web site of Jan Dewit.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.internetnews.com/wd-news/article/0,,10_589521,00.html


SERVER BASED COMPUTING IS TECHNICALLY SECURE
With over 140 million PCs, workstations and servers deployed worldwide, 
armed with Internet on one side and new computing devices on the other, 
the complexity and cost of delivering business critical applications is becoming 
overwhelming. Server-based computing, a model in which applications are 
deployed, managed, supported and executed completely on a server, is fast 
catching up across the world. Alan Pettit, in a conversation with Sofia Tippoo 
explains about this architecture spreading in Asia Pacific.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.timesofindia.com/today/15info15.htm


INTERNET SECURITY AND ACCELERATION SERVER
Microsoft unveiled another of its .Net array of servers when it released its 
Internet Security and Acceleration server. The server is essentially a 
beefed-up firewall, designed to defend networks from external attacks and 
prevent unauthorized access. With this release, Microsoft, of Redmond, Wash., 
hopes to challenge companies such as Check Point Software Technologies for 
supremacy in the enterprise firewall market. Microsoft has not traditionally 
been noted for its products' security features, which may be a hindrance to 
widespread adoption of the ISA Server.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/eweek/stories/general/0,11011,2685764,00.html


OPENSSH: LET THE COMMUNITY DECIDE TRADEMARK FIGHT
Theo de Raadt, co-creator of OpenSSH, says he hopes the community, not the 
courts, will decide a trademark skirmish in which SSH Communications Security 
Corp. is demanding that the project stop using the name it's been using since 
1995.
Link: http://www.newsforge.com/article.pl?sid=01/02/14/1838201


NETFILTER FOR IP MASQUERADE
As of 2.4, ipchains is a thing of the past. The replacement for ipchains is 
Netfilter's iptables. What does this mean to the end user? Typically it means 
little beyond the fact that suddenly their ipmasq script doesn't work. So, for 
starters let's get into setting up ipmasq under 2.4.x kernels.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linux.com/tuneup/database.phtml/Networking/2188.html


PEDOS VOLUNTEERED SYSTEM PASSWORDS TO COPS
The investigation into the w0nderland paedophile ring could have been 
scuppered at the last minute if the men had not given police their encryption 
keys. A spokeswoman for the National Crime Squad told that "We were only 
able to get into their systems when they voluntarily gave us their passwords." 
If the same situation were to arise today, the suspect would be obliged, under 
the RIP Act, to furnish the investigators with the key to decrypt their data. 
However, the Operation Cathedral investigation predated the Act becoming law.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/16918.html


LINUX KERNEL 2.4 FIREWALLING MATURES: NETFILTER
In yet another set of advancements to the kernel IP packet filtering code, 
netfilter allows users to set up, maintain, and inspect the packet filtering 
rules in the new 2.4 kernel. This document explains those changes and 
tips on how to get started.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.com/feature_stories/kernel-netfilter.html


SCHOOLBOY CRACKER CAUGHT BY DIALLING 1471
A UK computer security consultant has revealed how he snared a hapless 
computer cracker who made blackmail threats to his company. Rather than 
tracing him through the latest computer security technology, he used a 
rather simpler methood - the telephone callback facility.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/6/ns-20991.html


SATANIK.CHILD VIRUS UNLEASHED
A Valentine's Day virus, called VBS.Satanik.Child, has been reported by Aladdin 
Knowledge Systems. The statement described the bug as a VB Script vandal 
embedded inside HTML formatted e-mail, which introduces a new type of 
threat compared to the recently launched Anna Kournikova vandal.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.newsbytes.com/news/01/162014.html


WORM GENERATOR WENT OFFLINE
In the wake of the worldwide spread of the AnnaKournikova virus, an 18-year
old Argentinian claiming to be the creator of the Vbs Worm Generator - the 
program used to create the Anna virus - has removed the application's files 
from his Web site.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2686768,00.html


SPAIN: ATTACKS RISE 210%
Cyberguardian, the Spanish internet security bank, has voiced its concern at 
the rise in web server attacks during the first month of this year. Javier Lorenzo, 
General Manager of Cyberguardian, said that during the first six weeks, the 
number of hacked web sites of their clients had risen by 210 per cent.
Link: http://www.europemedia.net/shownews.asp?ArticleID=1531


FRAUD BUSTERS
The Net makes it easy for con artists to set up scams. But it also makes it 
easy for federal investigators to pursue the bad guys.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.idg.net/ic_429148_2058_1-1474.html


MONITORING UNIX LOGINS
"In today's article, I'd like to take a look at utmp, wtmp, and lastlog. These 
three files are read and updated whenever a user logs in to your FreeBSD 
system. However, you can't read these files directly, so we'll also look at 
the various utilities you can use to garner the information contained within 
these files. We'll then finish off the article with some utilities that deal with 
logins and terminals."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.oreillynet.com/pub/a/bsd/2001/02/14/FreeBSD_Basics.html


JOB OFFER FOR ANNA WORM CREATOR
The mayor of the city of Sneek has offered the recently arrested 20 year-old
who created the Kournikova worm a job. According to mayor S. Hartkamp "We're
of course talking about a man who has shown he's capable of something" and
"for people like him we've always got a spot at our IT department". Also the 
mayor says he's happy about the publicity his city is getting after this incident. 
"I was watching CNN and all of a sudden I saw our policestation on international 
television". This news comes after Jan DeWitt turned himself in earlier this week 
and admitted he didn't know what he was doing and hadn't anticipated any of 
the consequences his acts would have.


INTEL ATTACKER TALKS TO THE REG
A computer enthusiast who defaced Intel's Web site twice this week told The 
Register about the techniques he uses to break into prestige Web sites and 
what motivates him to tweak the nose of system administrators in the IT 
industry. The-Rev, of cracker group sm0ked crew, has contributed to the 
defacement of sub-domains on Web sites belonging to Hewlett-Packard, 
Compaq and Intel twice this week alone. SmOked crew, which also includes 
a member called splurge, had a pop at Gateway and the New York Times 
this week just for good measure.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/17000.html


NAPSTER'S NEW (SECURE) GROOVE
Details of Napster's new secure service are leaking, even as the recording 
industry continues to tighten the legal screws on the file-trading company. 
Napster formed an alliance with Bertelsmann's Digital World Services division 
on Friday to develop a secure system for file-trading that can be built into 
the existing service. Although Napster officials have been tight-lipped about 
the new service, Bertelsmann executives said the new system will build 
encryption into files currently being traded across the network.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/technology/0,1282,41880,00.html


EDUCATION IS PRIMARY DEFENSE FOR SECURE MACHINES
It was with no small amount of irony that Jay Beale, lead developer for Bastille 
Linux, was hired by MandrakeSoft last Fall to help the French Linux company 
bolster the security of its Linux-Mandrake distribution. Now, after a few 
months in the employ of MandrakeSoft, Beale has some definite ideas about 
how he will be securing Linux-Mandrake and all of the other Linux distributions 
as well. As he has said from day one, Beale's first set of priorities in his new 
job is to make Linux-Mandrake and the other MandrakeSoft product more 
secure. This does not mean he will be diverted from his work on Bastille. On 
the contrary, through the support of MandrakeSoft, Beale is getting more 
time and funding to work even more on Bastille than he did in the past.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxplanet.com/linuxplanet/reports/3011/1/


UPDATE ON WEF 'HACK'
Swiss federal police knew anti-globalisation 'hackers' could try to steal 
confidential data from the rich and powerful on the guest list at the 
World Economic Forum (WEF) but did not warn organisers, a Swiss 
newspaper said on Sunday. 
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.timesofindia.com/today/19info2.htm

----------------------------------------------------------------------------




Security issues
---------------

All vulnerabilities are located at:
http://net-security.org/text/bugs


----------------------------------------------------------------------------

THREE SECURITY HOLES FIXED IN NEW KERNEL
Three security holes have been fixed in the kernel. One involves ptrace, another 
involves sysctl, and the last is specific to some Intel CPUs. All three security 
holes involve local access only (they do not provide a hole to remote attackers 
without a local account). The ptrace and sysctl bugs provide local users with 
the potential to compromise the root account. Neither has an active exploit 
available at the time of this writing. The last security hole is a DoS that does 
not provide access to the root account but does allow any user with shell 
access the ability to halt the CPU.
Link: http://www.net-security.org/text/bugs/981998065,83491,.shtml


NOVELL GROUPWISE CLIENT VULNERABILITY
with zen polices or NT Polices installed properly on a windows machine GroupWise 
can view the file system while policies do not allow local access to view the files 
system of local or remote drives. The GroupWise client allows permission to see 
and call files on all drives. This does not change or proxy the rights of another 
user it simply allows them to see what policies should be hiding. This problem 
was caused when Novell used an API that did not check with OS policies that 
have been applied to the user. This problem has been reported and confirmed 
by Novell Tech Support.
Link: http://www.net-security.org/text/bugs/981998342,24809,.shtml


DEBIAN LINUX - PROFTPD UPDATE
The following problems have been reported for the version of proftpd in Debian
2.2 (potato): 
1. There is a memory leak in the SIZE command which can result in a denial of 
service, as reported by Wojciech Purczynski. This is only a problem if proftpd 
cannot write to its scoreboard file; the default configuration of proftpd in 
Debian is not vulnerable. 
2. A similar memory leak affects the USER command, also as reported by 
Wojciech Purczynski. The proftpd in Debian 2.2 is susceptible to this 
vulnerability; an attacker can cause the proftpd daemon to crash by 
exhausting its available memory. 
3. There were some format string vulnerabilities reported by Przemyslaw 
Frasunek. These are not known to have exploits, but have been corrected 
as a precaution.
Link: http://www.net-security.org/text/bugs/982076610,8446,.shtml


WEBSPIRS CGI SCRIPT VULNERABILITY
Problem lyes in incorrect validation of user submitted-by-browser information,
that can show any file of the system where script installed.
Link: http://www.net-security.org/text/bugs/982077684,43757,.shtml


COMMERCE.CGI VULNERABILITY
Adding the string "/../%00" in front of a webpage document will allow an remote
attacker to be able to view any files on the server, provided that the httpd has
the correct permissions. You need to know the directory and file for it to be
viewable, and directory listing and remote command execution doesn't appear
to be possible. Although it may be possible to view some transactions of cc#'s
with the proper tinkering, and depending on if the admin has set proper
directory permissions.
Link: http://www.net-security.org/text/bugs/982077748,40437,.shtml


TRUSTIX SECURITY ADVISORY - PROFTPD, KERNEL
A race condition in ptrace allows a malicious user to gain root. A signedness
error in the sysctl interface also potentially allows a user to gain root.
Link: http://www.net-security.org/text/bugs/982189417,54382,.shtml


SECURITY HOLE IN KICQ
kicq is a free icq client clone available at http://kicq.sourceforge.net/.
Unfortunately received (untrusted!) URLs are passed to the specified
webbrowser (standard is kfmclient) without any sanity checking using
system(). The only user action needed for this is to click "Open" in a
popup menu.
Link: http://www.net-security.org/text/bugs/982202806,24596,.shtml


MITM ATTACKS AGAINST NOVELL NETWARE
Novell has implemented RSA's public/private key technology for encryption and
part of their authentication process. Due to protocol implementation problems,
a man-in-the-middle attack could allow for password hash recovery, and even
a user's RSA private key.
Link: http://www.net-security.org/text/bugs/982293844,88586,.shtml


WEBACTIVE HTTP SERVER 1.0 VULNERABILITY
Adding the string "/../" to an URL allows an attacker to view any file on the
server provided you know where the file is at in the first place. Only Win9x &
NT are affected.
Link: http://www.net-security.org/text/bugs/982378705,521,.shtml


THINKING ARTS STORE.CGI DIRECTORY TRAVERSAL
Adding the string "/../" to an URL allows an attacker to view any file on the 
server, and also list directories within the server which the owner of the 
vulnerable httpd has permissions to access. Remote execution of commands 
does not apear to be possible with this directory traversal bug, but directory 
listings are. Please note that you do need the %00.html at the end of your 
command.
Link: http://www.net-security.org/text/bugs/982378729,75704,.shtml


SUSE LINUX - SSH UPDATE
SuSE distributions contain the ssh package in the version 1.2.27. No later
version is provided because of licensing issues. SuSE maintains the 1.2.27
version in a patched package. Three new patches have been added that
workaround three independent security problems in the ssh package.
Link: http://www.net-security.org/text/bugs/982378844,18801,.shtml

---------------------------------------------------------------------------- 




Security world
--------------

All press releases are located at:
http://net-security.org/text/press

----------------------------------------------------------------------------

WATCHGUARD SERVERLOCK INTRODUCED - [12.02.2001]

WatchGuard Technologies, Inc., a leader in Internet security solutions, extended 
its award-winning Firebox firewall and VPN appliances with the introduction of 
WatchGuard ServerLock, new software that locks-down Microsoft NT and 
Microsoft Windows 2000 servers.

Press release:
< http://www.net-security.org/text/press/981997982,33252,.shtml >

----------------------------------------------------------------------------

F-SECURE: ANNA KOURNIKOVA THEMED WORM - [13.02.2001]

F-Secure Corporation, a leading provider of centrally-managed, widely distributed 
security solutions is alerting computer users worldwide about a new, rapidly 
spreading e-mail worm. Known as "Onthefly", this worm sends itself in an Anna 
Kournikova -themed attachments in e-mails titled as "Here you have,;o)". 
Ms. Kournikova is known as an international tennis star.

Press release:
< http://www.net-security.org/text/press/982075911,58240,.shtml >

----------------------------------------------------------------------------

FINLAND'S FIRST SECURITY SOLUTION FOR ADSL CLIENTS - [13.02.2001]

2001 F-Secure Online Solutions, a leading provider of centrally managed security 
services, and Elisa Communications announced the first bundled personal 
anti-virus and personal firewall services for ADSL users in Finland. The companies 
have entered into an agreement whereby F-SOS is the premier Security Service 
partner for Elisa Communications. The first result of the partnership is the launch 
of Personal Anti-Virus and Personal Firewall Services for Elisa Communications' 
ADSL customers.

Press release:
< http://www.net-security.org/text/press/982075986,21559,.shtml >

----------------------------------------------------------------------------

KASPERSY LABS - KOURNIKOVA WORM - [13.02.2001]

Kaspersky Labs, an international data-security software development company, 
reports the discovery "in the wild" of the new modification of the "Lee" worm 
going by the moniker of "Kournikova". The new worm already has managed to 
infect many computer systems in both North America and East Asia. At the 
same time, the worm poses no threat to Kaspersky Anti-Virus users due to 
the program's unique integrated heuristic code analyser designed to combat 
against unknown viruses - Kaspersky AV is able to detect the worm without 
any additional updates to the anti-virus database.

Press release:
< http://www.net-security.org/text/press/982076214,24241,.shtml >

----------------------------------------------------------------------------

Securing Capacity Group of Companies - [14.02.2001]

Trend Micro Inc., the leading provider of antivirus security, shares news of the 
successful defense of yesterday's "Anna Kournikova" virus outbreak by Capacity 
Group of Companies, using Trend Micro's ScanMail for Exchange. One of the top 
100 insurance brokers in the country, Capacity Group of Companies, weathered 
the worldwide virus outbreak unscathed. By using Trend Micro's ScanMail for 
Exchange, incoming infected messages, spreading via Outlook, were stopped 
at Capacity Group of Companies' Exchange mail server without disruption to 
its employees or its communications system.

Press release:
< http://www.net-security.org/text/press/982115915,61092,.shtml >

----------------------------------------------------------------------------

SECURITY DEPLOYMENT IN WESTERN EUROPE - [14.02.2001]

Infonetics Research's latest market research study, "Network Technology 
Adoption Forecasts, Europe 2001," shows growth in almost every area of 
network build-out among organizations in Western Europe, particularly in 
security technologies and services. The results of this study closely parallel 
those found in a study Infonetics Research published just a few weeks ago 
on the U.S. and Canadian markets.

Press release:
< http://www.net-security.org/text/press/982115972,30596,.shtml >

----------------------------------------------------------------------------

TRUSECURE CORPORATION EXPANDS EXECUTIVES - [.02.2001]

In support of its continued growth and global expansion, TruSecure Corporation, 
the leader in Internet security assurance, today announced the appointment 
of three new executives: Greg Coticchia as chief operating officer, Jef Loos 
as senior vice president, general manager of European operations, and Sanjay 
Mehta as vice president of business development. Together this team brings 
more than forty years of additional senior executive experience to TruSecure.

Press release:
< http://www.net-security.org/text/press/982116034,90742,.shtml >

----------------------------------------------------------------------------

SOPHOS - KOURNIKOVA WORM CREATOR ARRESTED - [14.02.2001]

Sophos, a world leader in corporate anti-virus protection, has welcomed the 
arrest of a man in the Netherlands in connection with the VBS/SST-A computer 
worm. Dutch police spokesman Robert Rambonnet confirmed that the police 
force in the Netherlands have arrested a 20 year old in connection with the 
recent "Anna Kournikova" virus outbreak on suspicion of damaging computer 
programs and property. The man, who lives in Friesland, turned himself into 
the authorities after apparently posting a bizarre apology for his actions on 
the internet. His identity has not been revealed, but the author of the 
computer worm and self-confessed fan of Anna Kournikova uses the 
pseudonym "OnTheFly".

Press release:
< http://www.net-security.org/text/press/982164133,56196,.shtml >

----------------------------------------------------------------------------

F-SECURE PRODUCTS INTEGRATE WITH CA'S EMS - [14.02.2001]

Secure Corporation, a leading provider of centrally managed security solutions 
for the mobile, distributed enterprise, today announced integration of F-Secure 
products with the enterprise management systems [EMS] from Computer 
Associates and BMC Software. Organizations that have standardized on 
Unicenter TNG and BMC PATROL can now use the familiar management 
consoles of these three market-leading frameworks to control and monitor 
most aspects of F-Secure's products. As a result, IT administrators can 
more effectively and efficiently manage their networks and security, while 
preserving their investments in those management frameworks.

Press release:
< http://www.net-security.org/text/press/982164488,68552,.shtml >

----------------------------------------------------------------------------

TELE DANMARK SELECTS SONICWALL - [14.02.2001]

SonicWALL, Inc. (NASDAQ:SNWL), a leading provider of Internet security 
products, announced that it has been selected by TDC Internet, a division 
of Denmark's leading telecommunications company Tele Danmark Communications 
(TDC), as a foundation for the company's new managed security solutions. With 
SonicWALL's Internet security appliances and Global Management System (GMS), 
TDC will be able to deliver managed security and value added services to its 
small to medium-sized enterprise customers (SME).

Press release:
< http://www.net-security.org/text/press/982203363,39069,.shtml >

----------------------------------------------------------------------------

WEST COAST LABS CERTIFY APPGATE V.3.2 - [.02.2001]

Network security experts appGate, Inc., announced that West Coast Labs, a 
division of West Coast Publishing Limited, has awarded them the first Checkmark 
certificate for secure application gateways. West Coast Labs sets and publishes 
standards for computer security products and awards its Checkmark certificate 
to those manufacturers who meet or exceed those standards. The newly 
introduced Checkmark for secure application gateways was awarded to 
appGate for its latest software release, appGate Version 3.2. The company 
was awarded Level 2 of the West Coast Labs standard, currently the highest 
level of certification that the Checkmark provides.

Press release:
< http://www.net-security.org/text/press/982203401,66068,.shtml >

----------------------------------------------------------------------------

FREE VIRUS PROTECTION FOR WIRELESS DEVICES - [15.02.2001]

Trend Micro Inc., a leading provider of network antivirus and content security 
for the Internet age, today announced the availability of free antivirus software 
for the most popular handheld mobile and wireless device platforms, including 
Palm OS, Windows CE, and Symbian EPOC. Based on Trend Micro's award-winning 
PC-cillin desktop antivirus software, PC-cillin for Wireless resides on Palm OS, 
Pocket PC (Windows CE), and EPOC handheld devices to protect users from 
potentially malicious code including viruses, scripts, Trojan horses, and worms. 
Devices are susceptible to these threats whenever users receive email, browse 
the Web, or receive information via beaming and synching.

Press release:
< http://www.net-security.org/text/press/982203494,36531,.shtml >

----------------------------------------------------------------------------

FIPASS NOVEL TOKEN PASSWORD SECURITY SYSTEM - [15.02.2001]

FiPoint is proudly sponsoring the World Boxing Association Heavyweight 
Contender, John "The Quiet Man" Ruiz for the Holyfield -Ruiz 2 fight which will 
be broadcast live on SET -Showtime Event Television from Mandalay Bay in Las 
Vegas on March 3rd 2001. FiPoint, the financial integrator, is sponsoring Ruiz to 
introduce its premier security product "the FiPass" which will position FiPoint to 
lead the fight to "protect yourself online." The FiPass logo will be in the ring 
with Ruiz on his fighting shorts, on the Ruiz Team gear and in Ruiz's corner.

Press release:
< http://www.net-security.org/text/press/982260460,54584,.shtml >

----------------------------------------------------------------------------

CYBERGUARD'S SECURITY SCOOP IN SINGAPORE - [15.02.2001]

With Internet security a serious global issue, Paul Henry of CyberGuard 
Corporation, the technology leader in network security, will divulge his 
security secrets at a National University of Singapore seminar on February 
23 at 10:30 a.m. local time. Henry, managing director of Asian operations 
for CyberGuard, will be presenting "Hacking Exposed: The Hacking Tools of 
Script Kiddies" as part of the university's "You are the TARGET" seminar on 
information security.

Press release:
< http://www.net-security.org/text/press/982260499,29458,.shtml >

----------------------------------------------------------------------------

FIRST KOREA SECURITY INFORMATION SHARING CREATED - [15.02.2001]

Predictive Systems, a leading network infrastructure consulting firm, announced 
that it has entered into an agreement with Infosec Corporation, a leading South 
Korean information security services provider, to create the Korea Security 
Information Sharing and Analysis Center (KS/ISAC) to facilitate the sharing of 
sensitive information about cyber attacks and security vulnerabilities that pose 
threats to Korean businesses. As a participating bureau of the Worldwide ISAC 
(WW/ISAC), which was launched last year, the KS/ISAC provides a secure 
database, analytical tools, and information gathering and distribution facilities 
designed to allow authorized participants to submit either anonymous or 
attributed reports about information security threats, vulnerabilities, 
incidents, and solutions.

Press release:
< http://www.net-security.org/text/press/982260554,78205,.shtml >

----------------------------------------------------------------------------

PROTECTING ENTERPRISE FROM MALICIOUS CODE - [20.02.2001]

F-Secure Corporation, a leading provider of centrally managed security for the 
mobile enterprise, today announced the general availability of F-Secure Anti-Virus 
for Internet Mail. The product protects all email traffic against inbound and 
outbound security threats in real time, including internal SMTP mail traffic. 
Since email can bypass traditional workstation and server-based virus 
protection, businesses need an anti-virus solution at the gateway level. In 
today's corporate environment, the ability to protect sensitive data from 
viruses outside the corporate network has become a necessity. F-Secure 
Anti-Virus for Internet Mail incorporates multiple scanning engines, creating 
superior detection rates and ensuring that these threats never penetrate 
the network.

Press release:
< http://www.net-security.org/text/press/982633450,84386,.shtml >

----------------------------------------------------------------------------

PARA-PROTECT SERVICES APPOINTS CFO - [20.02.2001]

Para-Protect Services Inc., a managed security and support services provider 
for the global 500 and trusted partner providers, announced the appointment 
of Joseph D. Ragan III, CPA. as Chief Financial Officer. Ragan joins Para-Protect 
Services, Inc. after serving as CFO, US Operations for Winstar Communications 
for the past two years. Winstar is a publicly traded company in the broadband 
services market serving over 60 domestic markets and 12 international markets. 
With the firm, Ragan improved quality and timeliness of financial reporting, 
internal controls, and asset management reporting and substantially reduced 
telecommunications costs.

Press release:
< http://www.net-security.org/text/press/982633974,29797,.shtml >

----------------------------------------------------------------------------




Featured books
----------------

The HNS bookstore is located at:
http://net-security.org/various/bookstore

Suggestions for books to be included into our bookstore 
can be sent to staff@net-security.org

----------------------------------------------------------------------------

CISCO IP ROUTING HANDBOOK

The book approaches the more complicated and capable routing protocols first 
by explaining Routing Information Protocol (RIP) and the fundamental principles 
that it incorporates in a way that's understood relatively easily. The explanations 
require readers to pay close attention to text that's interspersed with routing 
tables and input/output sequences from Cisco's Internetworking Operating 
System (IOS). Given the proper attention, this text does a fine job of explaining 
how Interior Gateway Routing Protocol (IGRP), Enhanced IGRP (EIGRP), and Open 
Shortest Path First (OSPF) routing work, along with static routing and other 
simpler concepts. Topics covered: Routing protocols, as implemented by Cisco 
Systems routers and configured on the Cisco Internetworking Operating System 
(IOS). Routing Information Protocol (RIP), Interior Gateway Routing Protocol 
(IGRP), Enhanced IGRP (EIGRP), Open Shortest Path First (OSPF), Integrated 
System to Integrated System (IS-IS), and Border Gateway Protocol (BGP) 
version 4 all are covered.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0764546953/netsecurity >

----------------------------------------------------------------------------

MICROSOFT SQL SERVER 2000 ADMINISTRATOR'S POCKET CONSULTANT

If specialization is for insects, those of us who have only two legs are bound 
to need reminders when we sit down to perform a specialized task. For those 
times in which the specialized task at hand involves the latest version of 
Microsoft's high-end database management system (DBMS), Microsoft SQL 
Server 2000 Administrator's Pocket Consultant will provide how-to answers 
on the double-quick. This small, inch-thick volume fits nicely into a briefcase, 
and opens flat for easy reference. It makes little attempt to explain how SQL 
Server works, assuming instead that the reader knows what he or she needs. 
For example, a quick scan of the index for "Logins, Assigning Roles for Multiple" 
yields a reference to a page that explains exactly what to do, step by step. 
Procedures are a large part of the appeal of this book; value tables and 
Transact-SQL syntax documentation contribute the rest. A typical value 
table lists all standard database roles, along with commentary on what sort 
of user is appropriate for each role. Transact-SQL documentation includes 
generic "all available options" statements of syntax, followed by usage 
examples. Deeper explanations of what each option does would make the 
syntax documentation stronger, but what's here is certainly enough to jog 
readers' memories and point them to heavier reference material, if they 
need it. Keep this book handy if your job requires you to hop from DBMS 
to DBMS.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0735611297/netsecurity >

----------------------------------------------------------------------------

THE OFFICIAL GUIDE TO INFORMIX/RED BRICK DATA WAREHOUSING

The book covers all the features of RedBrick in the process of building a data 
warehouse through its complete lifecycle, beginning with planning the project, 
designing the database, building and loading the database, deploying the 
database to business users and maintaining the data warehouse in the future. 
Each of the topics is presented in a straightforward fashion by discussing in 
detail the objective, concepts, and implementation techniques and briefly 
touching on the more advanced components. One ongoing case study used 
throughout the book allows the reader to build upon it with each major area 
to create a sample data warehouse. Sample forms and documents as well 
as completed exercises are provided on the CD-ROM.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0764546945/netsecurity >

----------------------------------------------------------------------------

POSTGRESQL: INTRODUCTION AND CONCEPTS

(Pearson Education) Presents the fundamentals of PostgreSQL, an advanced, 
feature-filled database server. Assumes no background in databases at all, but 
still moves quickly, going beyond mechanics and into the applications of simple 
commands in working database applications. Highlights common pitfalls and 
offers time and trouble-saving tips.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0201703319/netsecurity >

----------------------------------------------------------------------------

PLANNING EXTREME PROGRAMMING (THE XP SERIES)

The Extreme Programming (XP) paradigm has developers doing things like 
programming in pairs, writing tests to verify all code, and continuously 
refactoring designs for improved performance. Written by two of its 
inventors, Planning Extreme Programming shows you how to implement 
XP by using a simple, effective process. This remarkably short (yet 
remarkably useful) title will give any XP manager or programmer a 
perspective on delivering software that meets the needs of customers 
better. Simplicity is the watchword of the XP software process. This 
book is virtually devoid of traditional software-engineering jargon and 
design diagrams, and yet does a good job of laying the foundation of 
how to perform XP--which is all about working with a customer to 
deliver features incrementally.

Book:
< http://www.amazon.com/exec/obidos/ASIN/0201710919/netsecurity >

----------------------------------------------------------------------------




Security Software
-------------------

All programs are located at:
http://net-security.org/various/software

----------------------------------------------------------------------------

NESSUS 1.0.7A

Nessus is a free, up-to-date, and full featured remote security scanner for Linux,
BSD, Solaris and some other systems. It is multithreaded, plugin-based, has a
nice GTK interface, and currently performs over 531 remote security checks.
It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only
points out problems, but suggests a solution for each of them. Changes: 1.0.7a
fixes bugs in the scanner timeout.

Info/Download:
< http://www.net-security.org/various/software/982454976,58605,linux.shtml >

----------------------------------------------------------------------------

BLACKICE DEFENDER 2.1

BlackICE Defender delivers bulletproof intrusion detection and personal firewall
protection to your PC. It scans your DSL, cable, or dial-up Internet connection
looking for hacker activity, much like antivirus programs scan your hard disk
looking for viruses. BlackICE will not slow down your PC or your Internet
experience.

Info/Download:
< http://www.net-security.org/various/software/982455317,56745,windows.shtml >

----------------------------------------------------------------------------

ZONEALARM 2.1.44

ZoneAlarm is designed to protect your DSL or cable-connected PC from hackers.
This program includes four interlocking security services: a firewall, an Application
Control, an Internet Lock, and Zones. The firewall controls the door to your
computer and allows only traffic that you understand and initiate. The Application
Control allows you to decide which applications can and cannot use the Internet.
The Internet Lock blocks Internet traffic while your computer is unattended or 
while you are not using the Internet, and it can be activated automatically with 
your computer's screensaver or after a set period of inactivity. Zones monitor all 
activity on your computer and alert you when a new application attempts to 
access the Internet. This version includes protection from emailborne worms.

Info/Download:
< http://www.net-security.org/various/software/982455527,33047,windows.shtml >

----------------------------------------------------------------------------

PALMPASSWORD 1.51

With PalmPassword, you will never again have to remember account names
and passwords, or which one is used where. PalmPassword will completely
automate the process of using login names and passwords, whenever and
wherever you need them.

Info/Download:
< http://www.net-security.org/various/software/982084445,35396,palm.shtml >

----------------------------------------------------------------------------

TEAL LOCK 3.21

TealLock replaces the standard Palm security application with a system that
offers many activation and customization options. These include activation
by shortcut strokes, custom locking of screen text and images, optional
auto-locking of private records, and file-hiding immediately at shutdown
or after a specified period of time.

Info/Download:
< http://www.net-security.org/various/software/982084525,67290,palm.shtml >

----------------------------------------------------------------------------

INTERNET EXPLORER SECURITY 1.1

From the developer: "Internet Explorer Security is a free utility that customizes
many aspects of the Internet Explorer Web browser. It's a snap to use and
provides the tools you need to retain and manage your Web browser settings.
It lets you disable individual menu items and prevent others from editing your
Favorites. It also allows you to disable individual tabs in the Internet Options
dialog, as well as specific settings from each tab. Still other settings let you
change the title caption, toolbar background, and animated icon; change
default folders; and replace standard error information pages. Multiuser
support and password protection are also offered."

Info/Download:
< http://www.net-security.org/various/software/982084622,69048,windows.shtml >

----------------------------------------------------------------------------

ONLYME 2.15

OnlyMe automatically locks your Palm whenever the device is turned off.
Entering your password is the only way to turn it on. This version stops
the Palm V from turning on when the case pushes the up/down arrow keys,
and handles certain conflicts with upcoming versions of the Palm OS and
with certain game programs.

Info/Download:
< http://www.net-security.org/various/software/982440775,76206,palm.shtml >

----------------------------------------------------------------------------

12GHOSTS WASH 21.03

This will cover your tracks and clean out folders of unused and unwanted data.
It includes options for Windows, browsers, and other applications. You can even
turn on the included shredder for total security. In Windows, it can clear the Run
history, recent documents, Find-files history, and the Temp folder. In your
browser, it will clear the typed address list, cached files, history, and cookies.
This program can also remove WinZip's Most-Recently used file list, or the Last
Open folder in ACDsee. Command-line control is available to create automatic 
"wash" times (prior to shutdown, for example).

Info/Download:
< http://www.net-security.org/various/software/982440911,87752,windows.shtml >

----------------------------------------------------------------------------




Defaced archives
------------------------

[10.02.2001] - SecureNet BR
Original: http://www.securenet.com.br/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/10/www.securenet.com.br/

[11.02.2001] - Asia-Pacific Service Network
Original: http://www.apsn.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/11/www.apsn.com/

[11.02.2001] - CompUSA Inc.
Original: http://commercial.compusa.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/11/commercial.compusa.com/

[11.02.2001] - Pinnacle Communications
Original: http://dev.ldd.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/11/dev.ldd.com/

[11.02.2001] - Gateway 2000, Inc.
Original: http://jobs.gateway.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/11/jobs.gateway.com/

[12.02.2001] - British Columbia Courts
Original: http://www.courts.gov.bc.ca/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/12/www.courts.gov.bc.ca/

[13.02.2001] - Intel Corporation
Original: http://talisman1.cps.intel.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/13/talisman1.cps.intel.com/

[13.02.2001] - Walt Disney Company: Go.Com
Original: http://remote.go.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/13/remote.go.com/

[14.02.2001] - Linux Mania
Original: http://www.linuxmania.org/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/14/www.linuxmania.org/

[14.02.2001] - Hewlett-Packard Company
Original: http://e-learning.hp.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/14/e-learning.hp.com/

[14.02.2001] - AltaVista Company
Original: http://merchant.shopping.altavista.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/14/merchant.shopping.altavista.com/

[14.02.2001] - Compaq Computer Corporation
Original: http://www.weft2.emea.compaq.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/14/www.weft2.emea.compaq.com/

[15.02.2001] - Software Patent Institute
Original: http://www.spi.org/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/15/www.spi.org/

[15.02.2001] - The New York Times Company
Original: http://business.nytimes.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/15/business.nytimes.com/

[17.02.2001] - Fuji Film
Original: http://www.fujifilm.se/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/17/www.fujifilm.se/

[17.02.2001] - Zavod za zaposlovanje Republike Slovenije
Original: http://www.ess.gov.si/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/17/www.ess.gov.si/

[17.02.2001] - Iomega Corp.
Original: http://search.iomega.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/17/search.iomega.com/

[18.02.2001] - Financial Institutions Commission Homepage
Original: http://www.fic.gov.bc.ca/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/18/www.fic.gov.bc.ca/

[18.02.2001] - Comite International Olympique
Original: http://atlanta.olympic.org/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/18/atlanta.olympic.org/

[18.02.2001] - Idaho State Government
Original: http://www.doi.state.id.us/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/18/www.doi.state.id.us/

[18.02.2001] - Hewlett-Packard Company
Original: http://openview.hp.com/
Defaced: http://www.attrition.org/mirror/attrition/2001/02/18/openview.hp.com/

----------------------------------------------------------------------------


Questions, contributions, comments or ideas go to:
 
Help Net Security staff
 
staff@net-security.org
http://net-security.org